Wireless networks have become increasingly widespread as demands for high-speed, mobile, and flexible network access increase. In a wireless network, data transmission generally includes communication of radio frequency signals between a wireless network card and a wireless access point (WAP). Client devices generally connect to hubs, routers, switches, or other WAPs, which provide a link to a wired network backbone. Although wireless networks tend to implemented locally (e.g., as a local or campus area network), with sufficient broadcast power or signal repeaters, a wireless network may span an expansive coverage area. As a result, unauthorized users falling within the coverage area may attempt to gain access to a wireless network, potentially posing significant security risks. In view of these and other types of security threats, managing security of a wireless network has received significant attention as enterprises and other organizations make decisions about what type of network to deploy.
For example, a secure wireless network may employ various techniques to ensure that a client device or a user of the device has authorization to connect to the network (e.g., encrypting data to minimize a likelihood of eavesdropping or data interception, or verifying authorization credentials of a device or a user, such as a username/password, among other techniques). In this regard, many wireless networks use Wired Equivalent Privacy (WEP) to provide a level of security and privacy comparable to what may be expected of a wired network. WEP purports to establish such protection by encrypting data transmitted over the wireless network to protect vulnerable links between clients and WAPs. Once this measure has been taken, other typical security mechanisms (e.g., password protection, end-to-end encryption, virtual private networks, authentication, etc.) can be employed to ensure privacy.
Due to inherent weaknesses in the design of WEP, however, many enterprise environments have been reluctant to adopt 802.11 wireless networks. For example, WEP encrypts data according to an RC4 (also known as ARC4 or ARCFOUR) stream cipher, resulting in WAPs or wireless network cards in WEP-enabled networks encrypting a payload of each 802.11 frame with the cipher prior to transmission. WEP creates a seed for the encryption by concatenating a shared secret (e.g., a user-supplied password or other secret encoded as a 40-bit or a 64-bit key) and a random 24-bit initialization vector (IV). In a WEP transmission, the seed drives a pseudo-random generator to create a keystream having a length equal to a frame's payload length plus a 32-bit integrity check value (ICV), which ensures that the payload has not been tampered with. Prior to transmission, the keystream may be combined with the payload and the ICV through a bitwise XOR process, creating an encrypted data stream. The IV may be inserted within the first few bytes of the 802.11 frame (e.g., in clear text), and a receiving station uses the IV along with the known shared secret to decrypt the data.
As a result, in order for WEP to work, each entity in a wireless network (e.g., WAPs, end user devices, etc.) needs to have access to the same shared secret (e.g., password). While 802.11 does not require changing the IV for each transmitted frame, many security solutions tend to change the IV for each frame to reduce a likelihood of recovering the shared secret. Even so, WEP tends to be vulnerable, for example, because the IVs only have 24 bits and security keys tend to remain static. Thus, in large enterprise networks with heavy traffic, changing the IV for each frame tends to result in the IVs often being repeated fairly regularly. As such, intruders using simple brute force techniques may easily recover the shared secret within an hour or less, or by using more powerful algorithms, the shared secret could be recovered in a matter of minutes.
To solve this problem, some wireless networks implement 802.1x to dynamically deploy keys. Although dynamic deployment provides some security improvements, 802.1x has several drawbacks, such as requiring a large deployment infrastructure, including radius servers and other back-end security solutions (e.g., Extensible Authentication Protocol). However, as large infrastructures tend to be impractical for individual users or smaller organizations, many wireless network implementations may be excluded from realizing advantages offered by 802.1x. As such, new standards, such as Wi-Fi Protected Access (WAP or WAP-2), were developed to support pre-shared secrets, which addresses some of the shortcomings of WEP.
WPA uses open system authentication, in which each user may be provided with a unique unicast key, while all users may be provided with a common broadcast key. Thus, WPA includes a two-phase authentication process, including a first phase for performing verification and a second phase for performing authentication at a user-level using 802.1x. With 802.1x, the unicast key can be rekeyed optionally, while no mechanism exists for changing the common encryption key used for multicast and broadcast traffic. With WPA, however, both the unicast key and the common encryption key must be rekeyed. As a result, WPA mandates implementation of Temporal Key Integrity Protocol (TKIP). For example, TKIP changes the unicast encryption key for every transmitted frame and synchronizes the change between a wireless client and a WAP. For the global encryption key, WPA includes a facility for the WAP to advertise changes to wireless clients connected to the WAP.
Thus, among other advantages, TKIP verifies security configurations after determining the encryption keys, synchronizes changes of the unicast encryption key for each frame, and determines a unique starting unicast encryption key for each pre-shared key (PSK) authentication. Moreover, TKIP can provide this additional security simply through updating firmware at the WAP or client network interface card. However, in order to generate the PSKs used in WPA, a primary master key (PMK) may have to be generated to initialize the TKIP encryption process. As a result, the TKIP initialization process also introduces weaknesses by being based on a pre-shared secret. For example, weak passwords used for the PSK (e.g., words available in a dictionary) may be subject to brute-force attacks that can recover the PSK, for example, using tools like coWPAtty. Further, mechanisms may need to be developed to inform users of changes to the PSKs, or the process may be subject to post-note syndrome (e.g., where users write passwords on post-notes that can be appropriated from a publicly available place).
Thus, although 802.1x addresses some security concerns by obviating the need to distribute PSKs, this type of solution may not be available in many instances. Furthermore, mechanisms designed to bridge the gap between 802.11 and 802.1x, such as WAP, also present various security risks.
Existing systems suffer from these and other problems.